Consequence criteria are defined to enable a business to have a consistent approach to assessing the potential impact a risk could have on a business. They typically include a combination of measurable and subjective factors to help in guiding consistent evaluations. This benefits decision makers by providing confidence that there is consistency of risk assessments.
In StartRisk, users are required to set consequence criteria for each risk class when first setting up a business. This step is supported by the StartRisk AI which will produce recommendations for consequence criteria based on the context known about the business. It’s important to review and tailor these to the unique needs and characteristics of the business.
Risk Consequence Definitions Screen in New Business Wizard:
Once the consequence criteria are defined, the definitions will appear in StartRisk when users are assessing consequence ratings for risks. Having this information visible while users are assessing or reviewing risks supports consistency in assessments.
Consequence Selection View in Risk Editor:
Risk consequence criteria may be required to be changed in certain circumstances. For example if the definitions are leading to an over-reporting of risk exceptions or if there is a change in strategic objectives and/or risk appetite. Risk Class owners are able to change the consequence criteria from the risk class page by clicking the settings icon.
Risk Class: A categorisation of similar risks based on shared characteristics or areas of impact, allowing for targeted management and reporting.
Consequence Criteria: The specific outcomes or impacts defined for each risk class, used to assess the severity of a risk event. These criteria are a mix of qualitative descriptions and quantitative measures.